GlobalProtect Deployment For Dummies

Greetings all,

  we are migrating from Checkpoint to Palo Alto and will be moving to the GlobalProtect Solution for our remote employees.  I have never deployed GlobalProtect and wanted to see if there were any recommendations on where to start and i

Need monitoring alert for ip pool exhuasted

Hello Team,

Recently, we faced the GP issue, and we found it was due to the IP pool being exceeded.

We want to setup alert monitoring, so if the pool gets 90% of its IP's, then we should get an alert so we can extend the IP pool's.

Please provide t

Global Protect Configuration

Hello,

We have configured Global Protect on VM-300. We are in the testing phase and would like to test replacing Ivanti Connect Secure with Global Protect. Ivanti Connect Secure uses realm and user role mapping to realm to all access to different res

GlobelProtect portal started failing authentications, was fine this morning

Our normal firewall guy is out on extended leave starting last Friday, and I am pretty much a neophyte with this system. 

Here's what I've got.  We've got 2 portals as follows portalA.ourdomain.com and portalB.ourdomain.com.  They were both working f

What does it mean Stage and Event GlobalProtect Fields?

Dear, we are doing a large and hard troubleshooting to forensic analysis into our company, so we need know more information about the "GlobalProtect Stages and Events columns Logs Monitor".

Example: what it means the stages: before-login, tunnel, host

GP SAML authentication with multiple client configurations in gatway

Hi Everyone,

I'm trying to allow to separate entities to login to an external GP gateway using the same auth profile.

In the gateway configuration under agent, I have two configs one for each entity with specific routes for each. When I have one

two browser windows to authenticate

when you open up GlobalProtect, it opens two browser windows to authenticate. we cannot connect until we close just 1 of those authentication windows. how to troubleshoot?

GP HIP Profile Applied to Security Policy with Multiple Zones

Hi everyone! 

First LIVE post, hoping to learn about how HIP profiles function when applied to security policies. 

I have a zone created for my Global Protect VPN users, I want to apply a HIP Profile that checks if the computer is domain joined a

Global protect self uninstall on mac

Hi all, I have a peculiar problem that I would appreciate help with.

Myself and the IT team(me being part of the security team) are piloting the GP with Prisma sase as the vpn of choice for our organization. We have two endpoints with it - a mac and

AZURE VM Configure GP with certificate

I have an HA pair of VM series Palo Alto Firewalls deployed in Azure. How do I associate the public IP to a certificate on the PA? Are there any instructions on how to do this available? Do I add the public IP or? I cant use dhcp as its an HA config

Global Protect Disconnects Frequently

Hello,

I am running Palo Alto in my network and few team members connects to Global Protect VPN for different partner.

As soon as they connect, VPN keeps disconnecting frequently. If same members connect VPN from home or with hotspot, it works perf

How to Internalize Palo Alto Global Protect?

CSP unsafe setting detected by scanner on PA LSVPN gateway

Hi All-

We have LSVPN configured and working.

However, a recent security scan shows that Content Security Policy (CSP ) issue with the gateway default login script in PA.  

It complains about:

script-src: self

style-src: self

Is there any suggest

Global Protect Azure MFA SAML FIDO Key

Hi,

I configured Global Protect with Azure MFA (SAML).I have set this up as described here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008U48CAE

Unfortunately I can´t see the FIDO Key in the Login-mask. The other authenti

GlobalProtect Connection Issues in PAN-OS 10.2.7-h3

Hello Friends, 
What troubleshooting steps can I take to address the GlobalProtect connectivity issues, including the "Your GlobalProtect session has been disconnected due to network connectivity issues or session timeouts" notification and the SSL VP